Social media slippery slopes

Yesterday, I went through what I see as a trilemma for age-gating social media access. 

A system putting obligations and liability on social media providers to keep kids off the platform will have at least one of the following three problems:

1. Easily worked around by those under the age limit;
2. Cumbersome for those over the age limit;
3. Ends internet pseudonymity. 

I think the proponents of the proposed Member's Bill that National has endorsed envision the system being light-touch and consequently leaning on the first part of the trilemma. It's about 'sending a message' as much as it is about developing a workable regime. 

The Bill is broad enough to encompass all kinds of ways of running it. It depends what you think counts as "reasonable steps". 

Consider the lightest-touch version. 

The Minister designates only Snapchat, Instagram, Facebook and Twitter - leaving everything else alone. And the Minister signals that they don't want the platforms going overboard on what's 'reasonable'. 

The platforms then require users to confirm that they are over the required age. They use various AI tools to watch for accounts that might be under-aged. Some of them, like Instagram, already do this - they try to push teenaged users onto a teen-version of the platform. 

If they suspect a user is under-aged, the platform will issue a challenge. "We think you're actually under the age limit. If you can't prove otherwise, we'll suspend your account or punt you into the kids' version (if that kid version is still legal)." 

For users falsely identified by the automated tools as being under the age limit, the trilemma applies. Either the challenge is easily worked around, or it is cumbersome for those over the age limit, or it's the end of pseudonymity. Being a light-touch regime, it leans on the former.

This does not seem like a political equilibrium. 

People will forget about the tradeoffs when it is obvious that kids are still on the networks. The Minister will put the platforms "On Notice!" that they have to do more to close loopholes. 

That pushes the designated platforms to tighten up. More users will face cumbersome checks confirming that they are over the age limits. It will be harder to maintain pseudonymity if those accounts need to be verified with a real ID. 

The more the regime is successful in keeping kids off of the regulated platforms (at cost to adult users), the more that kids will be pushed onto platforms that have not yet been designated. Those platforms will then be designated. Discord. WhatsApp. Various videogames that have chatrooms or that enable chat. 

Compliance burdens continue to rise, except on platforms outside the reach of New Zealand regulators, like 4Chan. 

The stable equilibrium at the end of that? Substantial hassles for users over the age limit and/or the end of pseudonymity, some kids deterred from using platforms, others out on forums that are far worse than where they are now. 

Recall that John Key's ban on pseudoephedrine-based cold medicines remained in place for more than a decade after it was very obvious that it had done nothing to stop meth while inconveniencing everyone with a cold. 

A social media trilemma

Australia has required social media platforms to come up with ways of excluding under-16s.

Chris Luxon has followed suit for New Zealand, backing a proposed Member's Bill that is now in the ballot.

I think the evidence on social media harms for kids is strong enough for parents to keep an eye on things, but not strong enough to justify bans. 

But leaving that aside, suppose you wanted to implement one. 

I think a trilemma applies for any system that puts the obligation on platforms. If you want to set penalties for kids found to be on social media, that trilemma wouldn't apply - but I doubt effective penalties would be credible.

Anyway. The trilemma. Or at least my asserted trilemma. Disprove me by providing a system that does not suffer from at least one of these problems:

1. The system is easily circumvented by those under the legal age. 
2. The system is onerous for those over the legal age.
3. The system means the effective end of social media pseudonymity/privacy.

Consider solutions grounded in zero-knowledge proofs. 

A verifier confirms my credentials are consistent with my being aged 16+. I authorise it to reveal that to anyone providing it with a key that it generates for me. I give that key to my preferred platform. The platform isn't required to disclose that it's Twitter or Facebook or whoever. There's just an API that takes keys and confirms whether the person associated is over the age or not. 

The platform doesn't know the identity associated with the key. The verifier doesn't know which platform has asked about my age. All good, right? 

I'm 16. My 15 year old friend hands me their phone. I log into the verifier on their phone, presenting my credentials. It generates a key. My friend takes back the phone, logs into Twitter, asks it to authorise using that key, and it does. 

Zero-knowledge proofs are great for a lot of purposes but they aren't going to help you much if the person seeking authentication is happy to have someone else take that authentication. 

So we have the first tine of the fork. And a bit of the second tine - there is a burden imposed on every person using the platform, not just those under the age limit. 

Govt says aha! We will require frequent verification challenges or you will not be considered as having taken all reasonable efforts to keep kids off the platform. 

Well, now you're firmly into fork tine 2. It's a recurring hassle for users. 

Maybe the platforms use AI tools to restrict the challenges to those who it thinks might be underaged. Tine 2 then applies to a narrower set of above-age-limit users. It'll be a big hassle for a few years after you pass the age limit. 

Want to make it simpler? Here's an easy way. The platform gives you the option to just upload your driver's licence; it then occasionally takes a picture of your face to make sure that the user is the person who presented the credential. No having to log into other sites, none of that. 

But now we're on tine 3. The end of internet pseudonymity. And the Chinese Government now has everyone's ID from TikTok. 

The legislation as drafted winds up with a mix of all three. Platforms can use whatever method they like for verifying age. And they have a defence against $2 million dollar liability if they provide evidence that they relied on a presented ID that wasn't right.

So it's easy for kids to circumvent - get a friend's ID.

It's a hassle for adults, who all have to provide ID.

And it's the end of internet privacy/pseudonymity, because the system Chris Luxon's endorsed will find it simplest to collect and store everyone's passport or driver's licence. 

And those can always be subpoenaed later, if anyone says anything wrong on the internet.